SYMAES: A Fully Symbolic Polynomial System Generator for AES-128⋆
نویسندگان
چکیده
SYMAES is a software tool that generates a system of polynomials in GF(2), corresponding to the round transformation and key schedule of the block cipher AES-128 [1]. Most of the existing polynomial system generators for AES are typically used under the assumption that the plaintext and ciphertext bits are known, and therefore are treated as constants. Although some of the generators, such as the AES (SR) Polynomial System Generator [2,3], can also be used when this assumption is not made, the instructions to do this are not always very natural. SYMAES is specifically designed to address the case in which (some of) the plaintext and ciphertext bits are unknown and are therefore treated as symbolic variables. Such a scenario is realistic and arises during the algebraic cryptanalysis of AES-based constructions, where only parts of the plaintext and/or ciphertext are known. An example of such a construction is the stream cipher LEX [4], a small-scale version of which has been analysed using SYMAES [5]. The inputs to SYMAES are the bits of the plaintext and the bits of the original key, represented as symbolic variables in GF(2). The output is a system of equations describing the output bits of one round of AES as a function of the input bits and the key. SYMAES also generates symbolic equations for the AES key schedule. Then, the bits of the round keys are expressed as polynomials in the bits of the original key. As a final note we would like to stress that SYMAES should not be seen as a competitor to existing AES polynomial system generators, but rather as an addition to them. SYMAES achieves in a more natural way what can also be achieved using SR [3]. Similarly to SR, SYMAES is also written in Python and is used within the open source computer algebra Sage [6]. This makes possible a future integration of the SYMAES code into SR. This submission is accompanied by an appendix containing the SYMAES source code and usage instructions.
منابع مشابه
Symbolic Encryption with Pseudorandom Keys
We give an efficient decision procedure that, on input two (acyclic) cryptographic expressions making arbitrary use of an encryption scheme and a (length doubling) pseudorandom generator, determines (in polynomial time) if the two expressions produce computationally indistinguishable distributions for any pseudorandom generator and encryption scheme satisfying the standard security notions of p...
متن کاملSecurity Level Enhancement in Noisy Environment
Speech scrambling techniques are used to scramble clear speech into unintelligible signal in order to avoid eavesdropping. . Analog scramblers are intended in applications where the degree of security is not too critical and hardware modifications are prohibitive due to its high cost .The residual intelligibility of the speech signal can be reduced by reducing correlation among the speech sampl...
متن کاملGeneration of Loop Invariants in Theorema by Combinatorial and Algebraic Methods
When generating verification conditions for a program, one is faced with one major task, namely with the situation when some additional assertions are needed (e.g. loop invariants). These assertions have the property that either they are invariant during execution of the program, or they depend on some other invariant properties. Therefore, automated formal verification is sensitive to the auto...
متن کاملTowards Practical Obfuscation of General Circuits
Known approaches for obfuscating a circuit are only feasible in theory: the complexity polynomially depends on the security parameter and circuit measures, but with too large polynomials and/or holds only with large enough security parameters, which leaves the methods not implementable for almost all applications at a required security level, say 128 bits. In this work, we initiate the task of ...
متن کاملImplementing GCM on ARMv8
The Galois/Counter Mode is an authenticated encryption scheme which is included in protocols such as TLS and IPSec. Its implementation requires multiplication over a binary finite field, an operation which is costly to implement in software. Recent processors have included instructions aimed to speed up binary polynomial multiplication, an operation which can be used to implement binary field m...
متن کامل